strongswan.git
Martin Willi [Wed, 7 Apr 2010 12:16:52 +0000 (14:16 +0200)]
NEWS about HA plugin

Martin Willi [Mon, 22 Mar 2010 10:25:27 +0000 (10:25 +0000)]
Updated HA plugin to new APIs

Martin Willi [Fri, 19 Mar 2010 18:06:53 +0000 (19:06 +0100)]
Updated location of traffic selector header

Martin Willi [Fri, 19 Mar 2010 18:03:46 +0000 (19:03 +0100)]
Moved ha plugin to libcharon

Martin Willi [Wed, 30 Sep 2009 14:23:58 +0000 (16:23 +0200)]
Make resync/monitoring functionality optional

Martin Willi [Wed, 30 Sep 2009 09:48:15 +0000 (11:48 +0200)]
Listen to ike_updown/rekey hook instead of ike_state_change

Martin Willi [Wed, 30 Sep 2009 09:04:22 +0000 (11:04 +0200)]
Request a complete resync after daemon startup

Martin Willi [Wed, 30 Sep 2009 08:36:27 +0000 (10:36 +0200)]
Do not automatically take over segments, as we need to resync first

Martin Willi [Tue, 29 Sep 2009 14:40:58 +0000 (16:40 +0200)]
Drop overlapping segments only if we have no active SAs on it

Martin Willi [Tue, 29 Sep 2009 14:05:46 +0000 (16:05 +0200)]
Do not install iptables rules, they should stay active after shutdown

Martin Willi [Tue, 29 Sep 2009 14:04:51 +0000 (16:04 +0200)]
Take over all segments if heartbeat becomes silent

Martin Willi [Tue, 29 Sep 2009 10:56:10 +0000 (12:56 +0200)]
Renamed ha-sync plugin to ha

Martin Willi [Tue, 29 Sep 2009 09:31:24 +0000 (11:31 +0200)]
Try to send HA sync messages synchronously

Martin Willi [Tue, 29 Sep 2009 09:30:44 +0000 (11:30 +0200)]
Do not sync a delete for a child in a destroying IKE_SA

Martin Willi [Tue, 29 Sep 2009 08:43:47 +0000 (10:43 +0200)]
Include ICMP traffic in sync tunnel

Martin Willi [Tue, 29 Sep 2009 08:34:04 +0000 (10:34 +0200)]
Refactored segment enabling/disabling

Martin Willi [Tue, 29 Sep 2009 06:53:58 +0000 (08:53 +0200)]
Use a connected UDP socket

Martin Willi [Mon, 28 Sep 2009 12:49:16 +0000 (14:49 +0200)]
Removed obsolete socket subclasses

Martin Willi [Mon, 28 Sep 2009 12:31:39 +0000 (14:31 +0200)]
Automatically segment cluster using periodically sent status messages

Martin Willi [Wed, 23 Sep 2009 12:04:32 +0000 (14:04 +0200)]
Do not enable/disable our own sync tunnel

Martin Willi [Wed, 23 Sep 2009 08:42:05 +0000 (10:42 +0200)]
Enable/disable inactive/active segments only

Martin Willi [Tue, 22 Sep 2009 15:10:25 +0000 (17:10 +0200)]
Deactivate all active segments before shutting down

Martin Willi [Tue, 22 Sep 2009 14:51:47 +0000 (16:51 +0200)]
HA kernel interface can mangle netfilter rules, currently with iptables invocation

Martin Willi [Tue, 22 Sep 2009 13:19:43 +0000 (15:19 +0200)]
Added support for kernel segment manipulation

Martin Willi [Tue, 22 Sep 2009 12:53:03 +0000 (14:53 +0200)]
Moved segment configuration parsing to ha_sync_plugin

Martin Willi [Tue, 22 Sep 2009 12:33:38 +0000 (14:33 +0200)]
Propagate segment manipulation to cluster node

Martin Willi [Tue, 22 Sep 2009 12:32:52 +0000 (14:32 +0200)]
Segment manipulation in HA sync is thread safe

Martin Willi [Tue, 15 Sep 2009 14:19:39 +0000 (16:19 +0200)]
Passing 0 to segments->(de-)activate enables/disables all segments

Martin Willi [Tue, 15 Sep 2009 12:52:56 +0000 (14:52 +0200)]
separated auto-tunnel functionality from socket

Martin Willi [Tue, 15 Sep 2009 11:53:06 +0000 (13:53 +0200)]
create external fifo socket only if "fifo_interface" option is set

Martin Willi [Thu, 10 Sep 2009 12:51:12 +0000 (14:51 +0200)]
updated linuxdir include variable

Martin Willi [Thu, 10 Sep 2009 12:42:17 +0000 (14:42 +0200)]
updated HA sync plugin to new lifetime config

Martin Willi [Thu, 25 Jun 2009 09:24:18 +0000 (11:24 +0200)]
print "none" if not serving any segments

Martin Willi [Wed, 3 Jun 2009 15:06:33 +0000 (17:06 +0200)]
automatically establish a PSK authenticated SA between cluster nodes

Martin Willi [Fri, 29 May 2009 09:02:47 +0000 (11:02 +0200)]
fixed memleak when installing synced virtual IPs

Martin Willi [Tue, 26 May 2009 18:36:39 +0000 (20:36 +0200)]
do not sync CHILD_SAs without an IKE_SA

Martin Willi [Thu, 30 Apr 2009 15:00:08 +0000 (17:00 +0200)]
removed $Id$ from ha plugin

Martin Willi [Fri, 17 Apr 2009 07:43:43 +0000 (07:43 +0000)]
fixed ike_sa condition/extension parsing

Martin Willi [Tue, 2 Dec 2008 15:35:11 +0000 (15:35 +0000)]
added a copy of the linux jenkins hash to dist

Martin Willi [Tue, 2 Dec 2008 15:33:01 +0000 (15:33 +0000)]
fixed sync of CHILD_SA delete

Martin Willi [Mon, 1 Dec 2008 18:38:40 +0000 (18:38 +0000)]
added HA resync option to (re-)integrate nodes to a cluster

Martin Willi [Fri, 28 Nov 2008 16:40:16 +0000 (16:40 +0000)]
apply peer config during rekeying

Martin Willi [Fri, 28 Nov 2008 15:45:17 +0000 (15:45 +0000)]
manage synced SAs in IKE_SA Manager, tag them with IKE_PASSIVE state

Martin Willi [Fri, 28 Nov 2008 10:32:09 +0000 (10:32 +0000)]
support for IKE_SA rekeying sync

Martin Willi [Thu, 27 Nov 2008 09:57:31 +0000 (09:57 +0000)]
IKE_SA activation/deactivation magic using a fifo socket

Martin Willi [Thu, 20 Nov 2008 08:51:54 +0000 (08:51 +0000)]
syncing of complete IKE/CHILD_SAs works

Martin Willi [Tue, 18 Nov 2008 15:21:10 +0000 (15:21 +0000)]
pushing basic CHILD_SA sync data to backup node

Martin Willi [Mon, 17 Nov 2008 15:58:39 +0000 (15:58 +0000)]
basic syncing of IKE_SAs
recreating SAs with keymat derivation

Martin Willi [Thu, 13 Nov 2008 16:01:06 +0000 (16:01 +0000)]
added a dispatcher class to receive HA sync messages
simple attribute parser enumerator (probably needs a cleaner implementation)

Martin Willi [Thu, 13 Nov 2008 12:46:01 +0000 (12:46 +0000)]
generating basic IKE_SA sync messages
pushing to statically configured failover node

Martin Willi [Wed, 12 Nov 2008 13:28:18 +0000 (13:28 +0000)]
set up basic infrastructure ha_sync plugin

Martin Willi [Fri, 24 Oct 2008 12:42:06 +0000 (12:42 +0000)]
added child_sa serialization to ha_sync plugin

Martin Willi [Fri, 24 Oct 2008 08:06:22 +0000 (08:06 +0000)]
HA sync plugin stub

Andreas Steffen [Wed, 7 Apr 2010 11:24:58 +0000 (13:24 +0200)]
fixed ikev1/protoport-route timing

Andreas Steffen [Wed, 7 Apr 2010 11:07:11 +0000 (13:07 +0200)]
removed whitespace

Andreas Steffen [Wed, 7 Apr 2010 11:04:56 +0000 (13:04 +0200)]
generated new research and sales CA certs for carol and dave, respectively

Tobias Brunner [Tue, 6 Apr 2010 10:56:06 +0000 (12:56 +0200)]
Some whitespace fixes.

Tobias Brunner [Tue, 6 Apr 2010 10:44:15 +0000 (12:44 +0200)]
Explicitly unload plugins before deinitializing libhydra and libstrongswan in pluto.

Tobias Brunner [Wed, 31 Mar 2010 15:39:02 +0000 (17:39 +0200)]
Replaced some DBG_LIB with more specific groups.

Tobias Brunner [Wed, 31 Mar 2010 15:28:46 +0000 (17:28 +0200)]
Adding DBG_LIB to all calls of libstrongswan's version of DBG*.

Tobias Brunner [Wed, 31 Mar 2010 15:26:39 +0000 (17:26 +0200)]
Adding support for debug groups in libstrongswan's logger.

Tobias Brunner [Wed, 31 Mar 2010 15:17:02 +0000 (17:17 +0200)]
Move debug groups from charon's bus.h to libstrongswan's debug.h.

Tobias Brunner [Wed, 31 Mar 2010 12:10:53 +0000 (14:10 +0200)]
Manually loading the pluto.(n)dns* settings is not needed anymore.

Tobias Brunner [Wed, 31 Mar 2010 12:10:19 +0000 (14:10 +0200)]
Use daemon-specific config for the attr plugin.

Tobias Brunner [Wed, 31 Mar 2010 11:55:12 +0000 (13:55 +0200)]
Moved attr plugin from libcharon to libhydra.

Tobias Brunner [Wed, 31 Mar 2010 11:45:05 +0000 (13:45 +0200)]
Store the name of the daemon that initialized libhydra to load daemon-specific settings.

Tobias Brunner [Wed, 31 Mar 2010 11:20:22 +0000 (13:20 +0200)]
Added pluto/whack output to 'ipsec leases'.

Tobias Brunner [Wed, 31 Mar 2010 11:10:11 +0000 (13:10 +0200)]
Added options to whack to query in-memory leases.

Tobias Brunner [Wed, 31 Mar 2010 11:09:07 +0000 (13:09 +0200)]
Added function to list the leases of the in-memory pools.

Tobias Brunner [Wed, 31 Mar 2010 08:17:51 +0000 (10:17 +0200)]
Delete the in-memory IP address pools if a connection gets deleted.

This fixes ipsec reload.

Tobias Brunner [Tue, 30 Mar 2010 17:10:05 +0000 (19:10 +0200)]
Use whack_attribute in pluto to provide in-memory IP address pools.

The pools are configured by setting rightsourceip in ipsec.conf to a
network in CIDR notation.

Tobias Brunner [Tue, 30 Mar 2010 17:13:45 +0000 (19:13 +0200)]
Adding a whack_attribute class which manages in-memory pools in pluto and is very similar to stroke_attribute.

Tobias Brunner [Fri, 26 Mar 2010 16:08:14 +0000 (17:08 +0100)]
Use a read-write lock in stroke_attribute to increase concurrency.

Tobias Brunner [Fri, 26 Mar 2010 15:59:33 +0000 (16:59 +0100)]
Make in-memory pool thread-safe.

Tobias Brunner [Fri, 26 Mar 2010 15:02:24 +0000 (16:02 +0100)]
Migrated stroke_attribute_t to METHOD/INIT macros.

Tobias Brunner [Fri, 26 Mar 2010 14:49:34 +0000 (15:49 +0100)]
Extracted in-memory IP address pool from stroke plugin to libhydra.

Martin Willi [Tue, 6 Apr 2010 09:58:29 +0000 (09:58 +0000)]
Invoke updown hook if IKE_SA delete is enforced in deleting state

Andreas Steffen [Tue, 6 Apr 2010 10:05:39 +0000 (12:05 +0200)]
prolonged Research and Sales CA certs

Andreas Steffen [Tue, 6 Apr 2010 08:55:59 +0000 (10:55 +0200)]
wait one second before running evaluations

Andreas Steffen [Mon, 5 Apr 2010 18:23:20 +0000 (20:23 +0200)]
increase UML root file system to 700 MB

Andreas Steffen [Mon, 5 Apr 2010 12:08:06 +0000 (14:08 +0200)]
added support of PEM output by ipsec pki --gen|pub commands to NEWS

Andreas Steffen [Mon, 5 Apr 2010 12:03:38 +0000 (14:03 +0200)]
added ikev2/nat-virtual-ip scenario

Andreas Steffen [Mon, 5 Apr 2010 12:01:29 +0000 (14:01 +0200)]
farp scenario requires logging of arp packets

Andreas Steffen [Mon, 5 Apr 2010 10:50:32 +0000 (12:50 +0200)]
added ikev2/farp scenario

Andreas Steffen [Mon, 5 Apr 2010 10:50:07 +0000 (12:50 +0200)]
added dave2 and carol2 entries to /etc/hosts

Andreas Steffen [Sun, 4 Apr 2010 21:59:24 +0000 (23:59 +0200)]
PEM encoding for OpenSSL RSA and EC public and private keys

Andreas Steffen [Sun, 4 Apr 2010 17:11:18 +0000 (19:11 +0200)]
PEM encoding for GMP RSA public and private keys

Andreas Steffen [Sun, 4 Apr 2010 08:30:08 +0000 (10:30 +0200)]
fixed short option name

Andreas Steffen [Sun, 4 Apr 2010 08:29:36 +0000 (10:29 +0200)]
fixed typo

Andreas Steffen [Sat, 3 Apr 2010 19:55:30 +0000 (21:55 +0200)]
fixed doxygen group

Andreas Steffen [Sat, 3 Apr 2010 19:43:27 +0000 (21:43 +0200)]
change #define to PEM_BUILDER_H_

Thomas Egerer [Wed, 31 Mar 2010 12:38:09 +0000 (14:38 +0200)]
Fixed use of stack local variable outside of function scope

Thomas Egerer [Wed, 31 Mar 2010 08:04:00 +0000 (10:04 +0200)]
Fixed undefined behavior in use of stack variable

Martin Willi [Tue, 30 Mar 2010 08:24:47 +0000 (10:24 +0200)]
Fixed handling of IKE_SAs without a virtual IP in farp plugin

Andreas Steffen [Mon, 29 Mar 2010 15:44:37 +0000 (17:44 +0200)]
fixed pluto crash caused by expired leftcert and rightca=%same

Andreas Steffen [Sun, 28 Mar 2010 20:40:20 +0000 (22:40 +0200)]
compile dhcp and farp plugins in UMLs

Andreas Steffen [Sun, 28 Mar 2010 20:33:30 +0000 (22:33 +0200)]
moved attr-sql plugin to libhydra in pool scenarios

Martin Willi [Fri, 26 Mar 2010 15:25:04 +0000 (16:25 +0100)]
Accept messages with a "sufficient" payload if other payloads (such as V) follow

Tobias Brunner [Fri, 26 Mar 2010 09:47:09 +0000 (10:47 +0100)]
Revert "Use the same formatting as in the Makefiles of the other plugins. Makes refactorings easier."

This reverts commit e91b116a622bbfb20cd66268ca4cb91d620984ad. Missed to
notice commit 89bf11d204cb934ea9109aa077c8514515d538f6.

Tobias Brunner [Fri, 26 Mar 2010 09:40:14 +0000 (10:40 +0100)]
Use the same formatting as in the Makefiles of the other plugins. Makes refactorings easier.